7.2
CVE-2006-4447
- EPSS 0.43%
- Veröffentlicht 30.08.2006 01:04:00
- Zuletzt bearbeitet 16.06.2026 22:29:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X.Org ≫ Emu-linux-x87-xlibs Version7.0_r1
X.Org ≫ Xorg-server Version1.02_r5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.345 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.securityfocus.com/bid/23697
http://www.vupen.com/english/advisories/2007/0409
http://secunia.com/advisories/22332
http://www.debian.org/security/2006/dsa-1193
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://www.kb.cert.org/vuls/id/300368
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://www.securityfocus.com/bid/19742
http://www.vupen.com/english/advisories/2006/3409